Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31690 | 1 Cache Utility Project | 1 Cache Utility | 2025-09-02 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1. | ||||
| CVE-2025-31691 | 1 Oauth2 Server Project | 1 Oauth2 Server | 2025-09-02 | 9.8 Critical |
| Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. | ||||
| CVE-2025-31694 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2025-09-02 | 8.1 High |
| Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. | ||||
| CVE-2025-31695 | 1 Upstreamable | 1 Link Field Display Mode Formatter | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0. | ||||
| CVE-2025-31696 | 1 Chapterthree | 1 Rapidoc Oas Field Formatter | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1. | ||||
| CVE-2025-31697 | 1 Formatter Suite Project | 1 Formatter Suite | 2025-09-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0. | ||||
| CVE-2025-3059 | 1 Profile Private Project | 1 Profile Private | 2025-09-02 | 5.3 Medium |
| Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. | ||||
| CVE-2025-3060 | 1 Flattern Project | 1 Flattern | 2025-09-02 | 6.6 Medium |
| Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*. | ||||
| CVE-2025-3061 | 1 Material Admin Project | 1 Material Admin | 2025-09-02 | 6.6 Medium |
| Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*. | ||||
| CVE-2025-3062 | 1 Admin Lte Theme Project | 1 Admin Lte Theme | 2025-09-02 | 6.6 Medium |
| Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | ||||
| CVE-2025-31286 | 1 Trendmicro | 1 Trend Vision One | 2025-09-02 | 4.6 Medium |
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-3129 | 1 Access Code Project | 1 Access Code | 2025-09-02 | 4.8 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4. | ||||
| CVE-2024-13290 | 1 Ohdear | 1 Ohdear Integration | 2025-09-02 | 5.3 Medium |
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | ||||
| CVE-2024-13291 | 1 Basic Http Authentication Project | 1 Basic Http Authentication | 2025-09-02 | 7.3 High |
| Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | ||||
| CVE-2024-2859 | 1 Broadcom | 1 Brocade Sannav | 2025-09-02 | 6.8 Medium |
| By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account. | ||||
| CVE-2024-13292 | 1 Tooltip Project | 1 Tooltip | 2025-09-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. | ||||
| CVE-2024-13293 | 1 Post File Project | 1 Post File | 2025-09-02 | 3.1 Low |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2. | ||||
| CVE-2024-13294 | 1 Post File Project | 1 Post File | 2025-09-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. | ||||
| CVE-2024-13295 | 1 Node Export Project | 1 Node Export | 2025-09-02 | 6.6 Medium |
| Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3. | ||||
| CVE-2024-13298 | 1 Kleegroup | 1 Tarte Au Citron | 2025-09-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5. | ||||